From 6c57a4d03c0528f0883a914e66be02e26c8de682 Mon Sep 17 00:00:00 2001
From: Tom MTT <tom@heimdall.pm>
Date: Wed, 23 Nov 2022 07:08:13 +0100
Subject: [PATCH] feat: safer `free()'s

`free' allocated buffers only on success inside the main loop, and
`free' them on error inside their respective functions

(fixes an UB where an already freed buffer is freed again in the main
loop)
---
 bin.c     |  7 ++++++-
 feuille.c | 11 ++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/bin.c b/bin.c
index df35119..3de01e6 100644
--- a/bin.c
+++ b/bin.c
@@ -13,6 +13,7 @@
 
 #include "bin.h"
 
+#include <errno.h>    /* for errno                                      */
 #include <stdio.h>    /* for NULL, fclose, fopen, fputs, snprintf, FILE */
 #include <stdlib.h>   /* for calloc, free, malloc, rand, realloc        */
 #include <string.h>   /* for strlen                                     */
@@ -39,8 +40,11 @@ char *generate_id(int min_length)
 
     /* for each letter, generate a random one */
     for (int i = 0; i < length; i++) {
-        if (i > 8 * min_length)
+        if (i > 8 * min_length) {
+            errno = EFBIG;
+            free(buffer);
             return NULL;
+        }
 
         buffer[i]     = id_symbols[rand() % strlen(id_symbols)];
         buffer[i + 1] = 0;
@@ -55,6 +59,7 @@ char *generate_id(int min_length)
                 free(buffer);
                 return NULL;
             }
+
             buffer = tmp;
         }
     }
diff --git a/feuille.c b/feuille.c
index f1388e3..f994f65 100644
--- a/feuille.c
+++ b/feuille.c
@@ -340,6 +340,8 @@ int main(int argc, char *argv[])
                                 send_response(connection, url);
 
                                 verbose(1, "All done.");
+
+                                free(url);
                             } else {
                                 error("error while making a valid URL.");
                                 send_response(connection, "Could not create your paste URL.\nPlease try again later.\n");
@@ -348,10 +350,14 @@ int main(int argc, char *argv[])
                             error("error while writing paste to disk.");
                             send_response(connection, "Could not write your paste to disk.\nPlease try again later.\n");
                         }
+
+                        free(id);
                     } else {
                         error("error while generating a random ID.");
                         send_response(connection, "Could not generate your paste ID.\nPlease try again later.\n");
                     }
+
+                    free(paste);
                 } else {
                     if (errno == EFBIG)
                         send_response(connection, "Paste too big.\n");
@@ -365,11 +371,6 @@ int main(int argc, char *argv[])
                     error("error %d while reading paste from incoming connection.", errno);
                 }
 
-                /* free resources */
-                free(paste);
-                free(id);
-                free(url);
-
                 /* close connection */
                 close_connection(connection);
             }